Hi there. Im having a bit of difficulty trying to decipher all the packet info on my machine and was looking for a way to detect the information easier.
Im looking to detect a facebook successful login via wireshark as well as detecting if a user uses the chat feature. But i have no idea what all these packets are that are showing up. Is there a filtering option that can be setup just to detect facebook information?
asked 05 Jul '11, 04:01
Assuming the monitored Facebook chat users are not using IM-encryption clients, you can watch Facebook chat messages by applying this display filter:
Login is encrypted over SSL, so it would be difficult (if not impossible) for a display filter to detect whether a login is successful. You can, however, detect SSL Facebook traffic (which might be for login) using this display filter:
EDIT: Facebook supports Secure Browsing, which encrypts all Facebook traffic, including chat messages. They've also updated their chat protocol. See recent post.
answered 05 Jul '11, 22:43
edited 22 Jan '12, 08:31
The easiest way to follow facebook chats is to use the search function. Use the searchstring 'subject":"","body":"' and search for the string in the packet bytes. As result you see only the text which is displayed on the users screen, no matter whether the transmission is encrypted or not.
answered 22 Jan '12, 01:30
i don't know
answered 16 Oct '11, 18:59